MASWE-0024: Improper Use of Message Authentication Code (MAC)
Content in BETA
This content is in beta and still under active development, so it is subject to change at any time (e.g. structure, IDs, content, URLs, etc.).
Placeholder Weakness
This weakness has not been written yet; this page is a placeholder. You can check its status or start working on it yourself. If the issue has not yet been assigned, you can request to be assigned to it and submit a PR with the new content for that weakness by following our guidelines.
Check our GitHub Issues for MASWE-0024
Initial Description or Hints
Improper use of MACs in security-sensitive contexts, affecting data integrity.
Relevant Topics
- Using HMAC with keys that have insufficient entropy
- Using HMAC without a timestamp (or nonce), so tags can be replayed
- Using MAC-then-encrypt or encrypt-then-MAC incorrectly, leaking information via timing or error messages
- Allowing untrusted parties (users or attackers) to control data inputs, creating scenarios where forged or replayed tags bypass integrity checks
- Hash functions lacking collision resistance (e.g., MD5 or SHA-1 used in HMAC)
- Use of non-cryptographic checksums (e.g., CRC-32 instead of HMAC)
- MAC constructions that fail outside narrow assumptions (e.g., raw CBC-MAC on variable-length messages)
- Tags that are too short, which significantly lowers the effort required for forgery
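The following is an added example, not code from the MASTG project, contrasting two of the patterns listed above: a non-cryptographic CRC-32 "integrity" value (which any party that can edit the message can simply recompute) beside a keyed HMAC-SHA256 that binds a random nonce and a timestamp into the tagged data and verifies in constant time with replay and staleness checks. The 300-second freshness window, the 16-byte nonce and the sample messages are assumptions chosen for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets
import struct
import zlib

NONCE_LEN = 16          # bytes of random nonce per message (assumed size)
MAX_AGE_SECONDS = 300   # freshness window for the timestamp (assumed policy)


# --- Weak pattern: a non-cryptographic checksum stands in for a MAC ---------

def weak_tag(msg: bytes) -> bytes:
    """CRC-32 takes no key, so whoever can edit the message can also
    recompute a matching value. It provides error detection, not integrity."""
    return struct.pack(">I", zlib.crc32(msg))


def weak_verify(msg: bytes, tag: bytes) -> bool:
    # Plain == short-circuits on the first differing byte; with a real MAC
    # that is a timing side channel. Here the missing key is the bigger flaw.
    return weak_tag(msg) == tag


def recompute_checksum(tampered: bytes) -> tuple[bytes, bytes]:
    """Demonstrates the weakness: a modified message with a freshly computed
    CRC passes weak_verify(), because no secret was ever involved."""
    return tampered, weak_tag(tampered)


# --- Hardened pattern: keyed HMAC-SHA256, nonce + timestamp, constant-time --

def generate_key() -> bytes:
    # 256 bits from the OS CSPRNG; never a constant, a password, or a short string.
    return secrets.token_bytes(32)


def _encode(timestamp: int, nonce: bytes, msg: bytes) -> bytes:
    # Unambiguous framing: fixed-width timestamp and message length, fixed-length
    # nonce, then the message. Distinct (timestamp, nonce, msg) triples cannot
    # produce the same byte string, so the tag covers all three without ambiguity.
    return struct.pack(">QQ", timestamp, len(msg)) + nonce + msg


def protect(key: bytes, msg: bytes, timestamp: int) -> tuple[bytes, int, bytes]:
    """Returns (nonce, timestamp, tag). Nonce and timestamp are under the tag,
    so they cannot be stripped or altered without invalidating it."""
    nonce = secrets.token_bytes(NONCE_LEN)
    tag = hmac.new(key, _encode(timestamp, nonce, msg), hashlib.sha256).digest()
    return nonce, timestamp, tag   # full 32-byte tag; truncating it lowers forgery cost


class Verifier:
    """Checks the tag, then enforces freshness: each nonce is accepted once and
    the timestamp must lie within MAX_AGE_SECONDS of the verifier's clock."""

    def __init__(self, key: bytes) -> None:
        self._key = key
        self._seen_nonces: set[bytes] = set()

    def verify(self, msg: bytes, nonce: bytes, timestamp: int, tag: bytes, now: int) -> bool:
        if len(nonce) != NONCE_LEN:
            return False                       # malformed input, do not even compute
        expected = hmac.new(self._key, _encode(timestamp, nonce, msg), hashlib.sha256).digest()
        # compare_digest's running time does not depend on where the tags differ
        if not hmac.compare_digest(expected, tag):
            return False
        if abs(now - timestamp) > MAX_AGE_SECONDS:
            return False                       # stale or future-dated message
        if nonce in self._seen_nonces:
            return False                       # replay of an already accepted message
        self._seen_nonces.add(nonce)
        return True


if __name__ == "__main__":
    # Constructed sample messages for the demonstration.
    original = b"amount=10"
    print("CRC accepts original:", weak_verify(original, weak_tag(original)))
    forged_msg, forged_crc = recompute_checksum(b"amount=99")
    print("CRC accepts tampered:", weak_verify(forged_msg, forged_crc))

    key = generate_key()
    nonce, ts, tag = protect(key, original, timestamp=1_700_000_000)
    v = Verifier(key)
    print("HMAC first delivery:", v.verify(original, nonce, ts, tag, now=ts + 5))
    print("HMAC replay:", v.verify(original, nonce, ts, tag, now=ts + 5))
    print("HMAC tampered:", v.verify(b"amount=99", nonce, ts, tag, now=ts + 5))
```

The replay set grows without bound in this sketch; a production verifier would evict nonces older than the freshness window, since anything outside that window is rejected by the timestamp check anyway.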
References
- https://developer.android.com/privacy-and-security/cryptography#deprecated-functionality
- https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf
- https://csrc.nist.gov/pubs/sp/800/224/ipd
- https://datatracker.ietf.org/doc/html/rfc6151
- https://web.archive.org/web/20170810051504/http://www.tcs.hut.fi/old/papers/aura/aura-csfws97.pdf
- https://en.wikipedia.org/wiki/Replay_attack